Security is the floor, not a feature. Here is how we operate.
Infrastructure
- Managed cloud hosting with isolated environments for development, staging, and production.
- Database with point-in-time recovery and automated daily backups.
- Edge network for fast, DDoS-resistant delivery.
Encryption
- TLS 1.2+ for all traffic in transit.
- AES-256 encryption at rest for databases and backups.
- Secrets stored in an encrypted vault, never in source code.
Access control
- Row-level security on every user-data table.
- Least-privilege roles for staff; production access logged and reviewed.
- Mandatory two-factor authentication on all administrative accounts.
Monitoring and response
- Continuous logging, alerting, and uptime monitoring.
- Incident response plan with notification within 72 hours of a confirmed breach.
- Dependency scanning and timely patching of critical vulnerabilities.
Report a vulnerability
Send security reports through our contact page with the subject line "Security". We take responsible disclosure seriously.